Moon jump ASM for 3d games

Started by Patedj, March 11, 2011, 05:52:38 AM


Patedj

Games such as Mario Galaxy, Mickey Mouse, Little ninjas, etc. have troubled me since the beginning. I look up everyone's moon jump codes but I don't understand why they did what they did.

At the moment I'm working on a moon jump for Okami PAL, but can't get my mind around it.

What I want now is a step by step plan to get to the moon jump code.

1a. What am I searching for: Y axis, speed, inverted?
 b. How do you get to the address: equal, not equal, greater, less?
2a. Once there, I want ASM.
 b. What ASM am I looking for: addi, fads, subi, etc.?
3a. How to write it up: completely.

the more answers I get the better off I am.

 
You can pm me, I've got time for your troubles.

Bully@Wiiplaza

Then, let's start improving, Patedj.

---------------------------

When you have found the moonjump address (NOT your Y height coordinate; that also works, but it's harder!!), set a read breakpoint on it.
Now, if you get an lfs or lwz, check whether it's referring to the right place.
Example:

lfs f0, 10 (r3)
r3 shows: 81234567

Now we add r3 + 10 (converted to hex)
-> 81234567 + 0A = 81234571
If the result is EXACTLY the same as our moonjump address, we can use this instruction; if it's not the same, set another read breakpoint.

Next step, writing the ASM:
For that, you just need to do an ASM RAM Write with lis, ori and stw.
You should write a float like 44000000; the higher the float, the faster the jumping speed!

[spoiler]28XXXXXX YYYYZZZZ
ASM HERE
E2100000 00000000
ANTI CODE HERE
E0000000 80008000[/spoiler]

"If jump button is pressed, moonjump"
My Wii hacking site...
http://bullywiihacks.com/

My youtube account with a lot of hacking videos...
http://www.youtube.com/user/BullyWiiPlaza

~Bully

Deathwolf

Moonjump:

1. Search for Equal
2. Search for Greater than
3. Search for Less than
4. Search for Equal

Do it x4-5 and then do a huge Multi-Poke.

If found, set a write or read breakpoint on this address. It will give you an lfs or stfs instruction.
Now you are able to write your own value to a register.

Example:
You get this instruction, stfs f0,46(r31)
f0 is the value and r31 is your address.
Write 40000000 to register 12 and store it into address.

lis r12,0x4000
ori r12,r12,0x0000
stw r12,46(r31)

code:

C2000000 00000002
3D804000 618C0000
919F002E 00000000
lolz
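Bully's effective-address check and Deathwolf's lis/ori/stw write can both be done mechanically. The following is an added example, not code from either poster or from any Gecko tool: it encodes the PowerPC D-form instructions used in the thread, computes where d(rA) points, converts a float to the word that gets stored, and wraps the instructions into 04 and C2 code lines. The insert address 0x80000000 in the usage is a placeholder, and the padding rule (last word must be 00000000) is the C2 format's.

```python
"""Constructed example: encode the PowerPC D-form instructions used in the
thread, check which address a load/store really touches, and wrap the result
into Gecko 04 and C2 code lines."""

import struct

# Primary opcodes (bits 0-5) of the D-form instructions used in moonjump codes.
OPCODES = {"addi": 14, "addis": 15, "ori": 24, "lwz": 32, "stw": 36,
           "stwu": 37, "lfs": 48, "stfs": 52}


def d_form(mnemonic, rt, ra, imm):
    """opcode(6) | rT/rS/frT(5) | rA(5) | 16-bit immediate or displacement."""
    if not (0 <= rt < 32 and 0 <= ra < 32):
        raise ValueError("register out of range")
    if not (-0x8000 <= imm <= 0xFFFF):
        raise ValueError("immediate does not fit in 16 bits")
    return (OPCODES[mnemonic] << 26) | (rt << 21) | (ra << 16) | (imm & 0xFFFF)


# Assembler-style helpers: lis rD,imm / ori rA,rS,imm / op rS,d(rA).
def lis(rd, imm):       return d_form("addis", rd, 0, imm)
def ori(ra, rs, imm):   return d_form("ori", rs, ra, imm)
def addi(rd, ra, imm):  return d_form("addi", rd, ra, imm)
def stw(rs, d, ra):     return d_form("stw", rs, ra, d)
def stwu(rs, d, ra):    return d_form("stwu", rs, ra, d)
def lwz(rd, d, ra):     return d_form("lwz", rd, ra, d)
def stfs(fs, d, ra):    return d_form("stfs", fs, ra, d)
def lfs(fd, d, ra):     return d_form("lfs", fd, ra, d)


def effective_address(ra_value, d):
    """Where d(rA) points: the register's value plus the displacement the
    disassembler shows (in decimal), mod 2^32."""
    return (ra_value + d) & 0xFFFFFFFF


def float_word(value):
    """Big-endian IEEE-754 single as the 32-bit word a stw would write."""
    return struct.unpack(">I", struct.pack(">f", value))[0]


def gecko_write32(addr, word):
    """04 code: write one 32-bit word at addr (low 25 bits of the address)."""
    return f"04{addr & 0x01FFFFFF:06X} {word:08X}"


def gecko_c2(insert_addr, words):
    """C2 code: line count in the header; the body is padded so that the
    final word is 00000000, which the C2 format requires."""
    body = list(words)
    if len(body) % 2:
        body.append(0)                  # odd count: one zero word finishes the line
    else:
        body.extend([0x60000000, 0])    # even count: add a nop + zero line
    lines = [f"C2{insert_addr & 0x01FFFFFF:06X} {len(body) // 2:08X}"]
    lines += [f"{body[i]:08X} {body[i + 1]:08X}" for i in range(0, len(body), 2)]
    return lines


def moonjump_c2(insert_addr, value, d, ra, fd):
    """Bully's template: open a stack frame, save r11, store a constant float
    to d(rA) with lis/ori/stw, restore r11, then re-run the original lfs."""
    word = float_word(value)
    return gecko_c2(insert_addr, [
        stwu(1, -16, 1), stw(11, 8, 1),
        lis(11, word >> 16), ori(11, 11, word & 0xFFFF),
        stw(11, d, ra),
        lwz(11, 8, 1), addi(1, 1, 16),
        lfs(fd, d, ra),
    ])


if __name__ == "__main__":
    # Bully's check: lfs f0,10(r3) with r3 = 81234567 touches 81234571.
    print(f"{effective_address(0x81234567, 10):08X}")
    # Deathwolf's three-instruction write, as a C2 code at a placeholder address.
    print("\n".join(gecko_c2(0x80000000, [lis(12, 0x4000), ori(12, 12, 0), stw(12, 46, 31)])))
    # Same store as a plain 04 write and the full stack-frame template.
    print(gecko_write32(0x80390F24, stfs(2, 52, 3)))
    print("\n".join(moonjump_c2(0x80000000, 512.0, 46, 31, 0)))
```

The encoder makes the register-file mistake discussed later in the thread visible: `lfs(12, 46, 31)` assembles to C19F002E, which is `lfs f12,46(r31)`, a float register, not r12, so a value placed in r12 with lis/ori never reaches it.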

strakn

There are a few different methods to making a moonjump: either modding gravity, the y-coord or the y-speed modifier. I believe the last one is what bully is referring to.

For methods on finding the moonjump address try googling "glee method moonjump"
You can look at this thread also for info http://wiird.l0nk.org/forum/index.php?topic=1454.0

The template that bully posted in his spoiler looks like how ZiT made his moonjump code for the jap version of this game.

Bully@Wiiplaza

Quote from: Deathwolf on March 11, 2011, 03:37:15 PM
Example:
You get this instruction, lfs f0,46(r31)
f0 is the value and r31 is your address.
Write 40000000 to register 12 and store it into address.

lis r12,0x4000
ori r12,r12,0x0000
lfs r12,46(r31)

code:

C2000000 00000002
3D804000 618C0000
C19F002E 00000000

An lfs must have a float register!
The ASM can *for example* look like this (that's how I do it):

stwu r1,-16(r1) # stack frame
stw r11,8(r1)
lis r11,0xHHHH # write upper value
ori r11,r11,0xLLLL # write lower value
stw r11,d(rA)
lwz r11,8(r1)
addi r1,r1,16 # end stack frame
lfs fD,d(rA) # lfs instruction

Quote from: strakn on March 11, 2011, 03:39:52 PM
The template that bully posted in his spoiler looks like how ZiT made his moonjump code for the jap version of this game.
That's the most common template, because it's very good as well :p
It's also possible to do it in pure ASM, but never mind.

Deathwolf

Right, right, thanks bully.

Sometimes you can just use another float register.

f0:00000000 f1:3FCCCCCC f3: 41000000

stfs f0,46(r31) to stfs f3,46(r31)
lolz

Bully@Wiiplaza

Quote from: Deathwolf on March 11, 2011, 03:44:39 PM
Right, right, thanks bully.

Sometimes you can just use another float register.

f0:00000000 f1:3FCCCCCC f3: 41000000

stfs f0,46(r31) to stfs f3,46(r31)
But that's critical, since the content of the register may change and your moonjump gets a surprise at speed.
The best way is to constantly write your own value to the address.

Deathwolf

Quote from: Bully@Wiiplaza on March 11, 2011, 03:47:42 PM
Quote from: Deathwolf on March 11, 2011, 03:44:39 PM
Right, right, thanks bully.

Sometimes you can just use another float register.

f0:00000000 f1:3FCCCCCC f3: 41000000

stfs f0,46(r31) to stfs f3,46(r31)
But that's critical, since the content of the register may change and your moonjump gets a surprise at speed.
The best way is to constantly write your own value to the address.

Yes, it doesn't work every time, but ZiT used it.
Here, for example, is my bo moonjump ASM code:

28200F40 00000008
04390F24 D0430034
E2100000 00000000
04390F24 D0030034
E0000000 80008000

stfs f0,52(r3) and stfs f2,52(r3)
lolz

dcx2

Dude, I *love* Okami.  If you want any help porting any of my codes (like Always Have All Holy Artifacts Equipped), I'll be more than happy to help.  Same goes for Tales of Symphonia, another game I'd gladly help port awesome codes to.

Regarding the moon jump, brkirch made a moon jump for Super Mario Galaxy 2, and he posted the disassembly with comments.  That code was the first time I ever saw the bl trick for creating small data areas inside a C2 code.  The bl trick is a bit different now (I put the data after the bl, to save a branch), but you can get the point.

http://wiird.l0nk.org/forum/index.php/topic,5791.msg50630.html#msg50630

http://wiird.l0nk.org/forum/index.php/topic,5791.msg50650.html#msg50650

Basically, when you start jumping, he records the jump velocity in the first C2 code, and then the second C2 code will continually overwrite the actual velocity with the initial velocity.  This keeps you jumping forever.

However, one problem I *always* see with moon jump codes is a total lack of air control.  This is why I prefer infinite double jump codes to moon jump.

Bully@Wiiplaza

Can't it be done with the templates above?
I once tried it out, *not believing* that it isn't that easy, and I couldn't do it.
SMG2 is weird with Moonjump, and brkirch's Moonjump may look like a "fail" code to people not knowing the bl trick (like me ._.)

Patedj

That's awesome, guys. And dcx2, let's port both! What do you need from me to start porting, or what can you give me to start porting?

I'm going to read up every link you guys sent me and then I'll reply on what I understood.

For now, I understand that I've always been looking for the y axis while understanding that there are 2-3 other ways of creating a jump code.
Y axis is easy to find. Find a ramp, and jump while searching for greater and less and equal.

Quote from: strakn on March 11, 2011, 03:39:52 PM

You can look at this thread also for info http://wiird.l0nk.org/forum/index.php?topic=1454.0

but I have no success with this in 3D games. The Y axis seems to work OK in 2D platformers such as the old Super Mario Worlds.

I had a look at
http://wiird.l0nk.org/forum/index.php/topic,5791.msg50630.html#msg50630
I think I'll try velocity. I couldn't picture how it was going about it before.
[spoiler]
This belongs to http://doc.kodewerx.org/generic_code_hacking.html#mega_jump
"The GLEE Method

The "GLEE" method was pioneered by macrox. The basic theory at the time was that the player's Y speed increases when not on the ground (whether rising or falling). This may seem to contradict the theory above, but it's still technically true. This is because the GLEE method treats moon jumps like most other basic codes: it uses unsigned searches. The steps are outlined below. It's probably best to set whatever search tool is being used to compare 32-bit values first, if available. If that option is unavailable or doesn't work, try 16-bit and so on.

1. If the character stands totally still on the ground, it's a reasonable assumption that Y speed isn't changing. Start an unknown value search (initial dump). If the character jitters while standing or something, the Equal To searches mentioned here may need to be skipped. This makes it more difficult to narrow the results, but it's still possible.
2. Move around a bit, then stand still again. Search Equal To. Repeat this step a couple times to eliminate some junk results.
3. Now jump, or fall from a high place if the game has no jumping. While in the air and rising/falling, search Greater Than. Even if the game does allow jumping, falling from something instead to do the Greater Than might shave some extra results off the list.
4. Once the player lands on the ground again and is standing still, search Less Than.
5. Repeat the steps above until the results list is narrowed considerably.
6. When ready to test some results, jump again (if possible) and do a Greater Than while still rising. Catching the value when just beginning to rise is best, though not always easy. The current value should give an idea of what to use for a moon jump value. Turn on one result at a time and look for effects on the player's Y speed.
7. Once the correct address is found, try different values until the desired rising effect is reached. A value too high can orbit the player instantly (and even crash the game), and a value too low will force the player to the ground or perhaps keep the player from falling. On games that don't allow jumping, try freezing the value of each address to 0 and attempting to fall until an effect is noticed. Note that getting the rising effect on games which don't allow jumping sometimes still requires falling off something.
   * If the game doesn't allow rising without falling off something, then it may be possible to hack a code to tell the game the player is in the air. This can be hard or next to impossible on some games, but it works on others.
   * The idea is to start a new search while standing still. Then move to a different position, and search Equal To.
   * Fall off something, and search Different To while in the air. Following this up with an Equal To while still in the air might help cut down the results.
   * Once the player is back on the ground, search Different To again. Repeat these 3 steps until the results are narrowed.
   * Try the results with addresses nearest the Y speed address first. Doing this can sometimes save time, especially when it gets hard to reduce the amount of results and there are still a lot left. When testing results, use the value from when the player was in the air along with the Y speed code to attempt forcing the player to rise.
8. After locating the Y speed and the right value to get the player rising up without actually jumping to the moon, look up the button activator/joker for the game and the button value desired for the moon jump code. Using the same button the game does to jump is the preferred choice.
9. Put the Y speed code with the activator and test it. If a code was hacked to tell the game the player is in the air, put this on an activator for the same button.
10. Enjoy the new moon jump code."
[/spoiler]

I'm actually still unsure of what I'll be searching for.
1. Search: floor: equal/unknown
   walk and stop: equal/new
   jump: greater/new
   floor: less
   (jump: greater
   floor: less)
   x2-5 times
   mega (multiple) poke on jump or floor? Both would work, but which would work easiest? (How do you poke MP addresses + MP values with .net? Right-clicking on each is counterproductive.)
2. Are there two types of velocities? An on/off type where it tells the avatar that going up is OK (base address valued 0-1), and an actual accelerator with floats as the usual design (i.e. 42C80000 or 3F800000)?

With this search I would be able to poke for both. I can also figure that this would also find the Y axis. So 3 things to look at now.


I also read something that dcx2 wrote; something with 0 when at maximum height?

Here I go... Okami [R0(O)2P08] I'm not sure if it's an 0 or o
velocity addresses next reply


dcx2

Yeah, SMG2 was special because "up" could be any direction due to the weird gravity and planets.  Games where "up" is always positive are easier.

Patedj

So I've done some searches but without luck.
Which brings me to the next question: what am I doing wrong when searching?
I start with standing still: equal/unknown
stop somewhere else: equal/new
camera move x axis: equal/new
camera move y axis: equal/new
then I jump: greater/new (doesn't matter if I'm falling, right?)
then I land: less/new


I end up with nothing in the 80s, 81s

strakn

1. Start with an unknown search.
2. Don't move - search equal to.
3. Jump - while in the air - search greater than.
4. Land - search less than.
5. Don't move after landing - search equal to.
6. Go to 3.

You can't move and then do an equal search; you may think the surface you're on is flat, but if it's off by a hair you will lose a possible value that you're looking for.

If your character does any kind of bobbing or movement when standing still, you may have to eliminate the equal to searches.

Also, in some games up may be a lower value than down; you might try searching less than when in the air and greater than after landing.
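To see why strakn's order of comparisons narrows a dump down, and why the "up may be a lower value than down" case needs the compares swapped, here is an added example (not from any poster or search tool) that runs the same unsigned narrowing over a tiny constructed memory image. The addresses, values and the two fake games are made up: game A keeps Y speed at 0.0 while standing, game B keeps a small negative gravity value there, which as an unsigned word is larger than any positive float.

```python
"""Constructed example: simulate the unsigned-compare narrowing search on a
tiny fake memory image. Snapshots are {address: 32-bit word}; all addresses
and values are invented for the demonstration."""

import struct


def f2w(x):
    """32-bit big-endian word of an IEEE-754 single, as a search tool sees it."""
    return struct.unpack(">I", struct.pack(">f", x))[0]


# Current word against the word in the previous snapshot, compared unsigned
# (plain Python ints here are non-negative words, so < and > are unsigned).
OPS = {
    "equal":     lambda cur, old: cur == old,
    "different": lambda cur, old: cur != old,
    "greater":   lambda cur, old: cur > old,
    "less":      lambda cur, old: cur < old,
}


def narrow(snapshots, ops):
    """snapshots[0] is the initial (unknown-value) dump; ops[i] is applied
    between snapshots[i] and snapshots[i+1]. Returns surviving addresses."""
    if len(ops) != len(snapshots) - 1:
        raise ValueError("need one comparison per snapshot after the first")
    candidates = set(snapshots[0])
    for op, prev, cur in zip(ops, snapshots, snapshots[1:]):
        test = OPS[op]
        candidates = {a for a in candidates if a in cur and test(cur[a], prev[a])}
    return sorted(candidates)


# Constructed addresses (invented, not Okami's).
Y_SPEED, Y_POS, X_POS = 0x808D5BF0, 0x808D5BEC, 0x808D5C20
FRAMES, CONST = 0x808D5C2C, 0x80286FB8


def image(frame, x, y, y_speed):
    """One fake dump of the five words we track."""
    return {
        Y_SPEED: f2w(y_speed),
        Y_POS:   f2w(y),
        X_POS:   f2w(x),
        FRAMES:  frame & 0xFFFFFFFF,   # always increasing: dies at "equal"
        CONST:   1,                    # never changes: dies at "greater"/"less"
    }


def strakn_sequence(rest_speed, rise_speed, rise_y=1.5):
    """Dumps for: unknown, stood still, jumped (rising), landed, stood still,
    jumped again, landed. Jumps happen in place, so X never changes."""
    return [
        image(100, 0.0, 0.0, rest_speed),
        image(160, 0.0, 0.0, rest_speed),
        image(170, 0.0, rise_y, rise_speed),
        image(220, 0.0, 0.0, rest_speed),
        image(280, 0.0, 0.0, rest_speed),
        image(290, 0.0, rise_y, rise_speed),
        image(340, 0.0, 0.0, rest_speed),
    ]


def find_y_speed(rest_speed, rise_speed):
    """Run strakn's order (greater in the air, less after landing) and the
    swapped order he mentions for games where up is the lower value."""
    snaps = strakn_sequence(rest_speed, rise_speed)
    up_is_greater = ["equal", "greater", "less", "equal", "greater", "less"]
    up_is_less    = ["equal", "less", "greater", "equal", "less", "greater"]
    return {"up_is_greater": narrow(snaps, up_is_greater),
            "up_is_less": narrow(snaps, up_is_less)}


if __name__ == "__main__":
    for name, rest in (("game A (rest speed 0.0)", 0.0), ("game B (rest speed -0.1)", -0.1)):
        found = find_y_speed(rest, 3.0)
        print(name, {k: [f"{a:08X}" for a in v] for k, v in found.items()})
```

In game A both the Y position and the Y speed survive the normal order, which is the "this would also find the Y axis" point made earlier in the thread; in game B the normal order keeps only the position, and only the swapped order finds the speed, because the resting word BDCCCCCD (-0.1) compares unsigned-greater than 40400000 (3.0).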

Patedj

results with strakn's method

[spoiler]80C9FEE4   80493EA0   00000000   7FB6C160
80C9FEC8   59800004   00000000   A67FFFFC
80C9FEAC   80493EA0   00000000   7FB6C160
80C9FE0C   80C9FF30   80034184   FF394254  
808D5C5C   910164A0   00000000   6EFE9B60
808D5C54   0000001D   00000000   FFFFFFE3
808D5C50   0000008C   00000000   FFFFFF74
808D5C4C   0000008B   00000000   FFFFFF75
808D5C48   91015D00   00000000   6EFEA300
808D5C44   91015960   00000000   6EFEA6A0
808D5C30   00000001   00000000   FFFFFFFF
808D5C2C   00000001   00000000   FFFFFFFF
808D5C24   00000059   00000000   FFFFFFA7
808D5C20   01000000   00000000   FF000000
808D5BFC   3F8147AE   00000000   C07EB852
808D5BF8   3F800000   00000000   C0800000
808D5BF4   3F800000   00000000   C0800000
808D5BF0   3F800000   00000000   C0800000
808D5BEC   3F800000   00000000   C0800000
808D5BD8   3F800000   00000000   C0800000
808D5BD0   00000001   00000000   FFFFFFFF
808D5BCC   00005622   00000000   FFFFA9DE
808D5BC4   0000C5C0   00000000   FFFF3A40
808D5BC0   911E62A0   00000000   6EE19D60
808D5BBC   8023C490   00000000   7FDC3B70 ---> freeze poke
808D471C   0000054F   00000000   FFFFFAB1
808D2AEC   10000008   00000000   EFFFFFF8
808D2AE8   00000002   00000000   FFFFFFFE
808D2AE4   10000008   00000000   EFFFFFF8
808D2AE0   00000002   00000000   FFFFFFFE
808D2ADC   10000008   00000000   EFFFFFF8
808D2AD8   00000002   00000000   FFFFFFFE
80286FB8   00000001   00000000   FFFFFFFF
80286BDC   8020A260   00000000   7FDF5DA0
80286B94   000A0A0A   00000000   FFF5F5F6
80275F0C   00000001   00000000   FFFFFFFF
801B592C   0000003C   00000000   FFFFFFC4
801B58FC   00007100   00000000   FFFF8F00
80002774   00000002   00000001   FFFFFFFF[/spoiler]

Poked everything but nothing happens.
I'll try 81 now and the 90s next
Edit: nothing in 81s
Edit: over 383 results after 5 repeated times.
Mostly 3fc00000 to 42xxxxxx
and fff6fff6 to fff7fff7